In-line verification of transactions

ABSTRACT

A transaction system can include a computing device with a communication port, a processor device, and a non-transitory computer-readable storage memory. The communication port can communicate data with other computing devices. The non-transitory computer-readable storage memory includes code that is executable by the processor device to perform operations. The operations include receiving parameters of a transfer, verifying the transfer using a multi-factor authentication process, in response to verifying the transfer, using a private key to countersign the transfer and return, via the communications port, a signed transfer package for execution of the transfer, and providing, via the communications port, the parameters of the transfer and countersign data to an immutable ledger.

CROSS REFERENCE TO RELATED APPLICATION

This claims priority to, and is a divisional of, U.S. Ser. No.16/410,139 (allowed), filed May 13, 2019 and titled “In-LineVerification of Transactions,” the entire content of which isincorporated herein by reference.

TECHNICAL FIELD

The present disclosure relates generally to computer networks. Moreparticularly, but not exclusively, the present disclosure relates toconfiguring a computer network to make transactions securely.

BACKGROUND

Sophisticated transactions of goods, funds, or services can be supportedby computer networks executing processes to execute and process thetransactions. The computer networks may be susceptible to fraud,inadvertent errors, or other issues that can affect the security andintegrity of the transactions supported by the computer networks.Although security can be enabled via audits and monitors external to acomputer network channel that is processing the transaction, theseout-of-band security systems can also be susceptible to fraud.Furthermore, processing speed and accuracy can be affected by reportingprocesses involving the out-of-band security systems.

SUMMARY

In one example, a computing device includes a communication port, aprocessor device, and a non-transitory computer-readable storage memory.The communication port is configured for communicating data with othercomputing devices. The non-transitory computer-readable storage memoryincludes code that is executable by the processor device to performoperations. The operations include receiving parameters of a transfer.The operations also include verifying the transfer using a multi-factorauthentication process. The operations also include, in response toverifying the transfer, using a private key to countersign the transferand return, via the communications port, a signed transfer package forexecution of the transfer. The operations also include providing, viathe communications port, the parameters of the transfer and countersigndata to an immutable ledger.

In another example, a computing device includes a communication port, aprocessor device, and a non-transitory computer-readable storage memory.The communication port is configured for communicating data with othercomputing devices. The non-transitory computer-readable storage memoryincludes code that is executable by the processor device to performoperations. The operations include intercepting a transfer prior to asettlement system. The operations also include using a transactionidentifier of the transfer to access information from an immutableledger. The operations also include confirming that the information fromthe immutable ledger is consistent with data of the transfer. Theoperations also include, in response to confirming that the informationis consistent with the data of the transfer, providing the transfer tothe settlement system.

In another example, a method includes receiving, by a notary systemcomprising a processor device executing code, parameters of a transfer.The method also includes verifying, by the notary system, the transferusing a multi-factor authentication process. The method also includes inresponse to verifying the transfer, using a private key to countersignthe transfer and returning, by the notary system, a signed transferpackage for execution of the transfer. The method also includesproviding, via the communications port, the parameters of the transferand countersign data to an immutable ledger. The method also includesintercepting, by an interceptor comprising a processor device executingcode, the transfer prior to a settlement system. The method alsoincludes using, by the interceptor, a transaction identifier of thetransfer to access information from the immutable ledger. The methodalso includes confirming that the information from the immutable ledgeris consistent with data of the transfer. The method also includes inresponse to confirming that the information is consistent with the dataof the transfer, providing the transfer to the settlement system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an environment for initiating and executinga transaction while also providing enhanced security to preventfraudulent actions according to one aspect of the present disclosure.

FIG. 2 is a block diagram of an example of a notary system according toone aspect of the present disclosure.

FIG. 3 is a flow chart of a process of a notary system verifying atransaction and digitally signing a verified transaction according toone aspect of the present disclosure.

FIG. 4 is a block diagram of an example of an interceptor according toone aspect of the present disclosure.

FIG. 5 is a flow chart of a process of an interceptor verifying atransaction according to one aspect of the present disclosure.

DETAILED DESCRIPTION

Certain aspects and features relate to using a notary system with theability to sign transactions using private keys and provide informationto an immutable ledger that can be used by an interceptor to verify atransfer for a transaction prior to settlement. The transfer system caninclude separate systems that may operate independently and may besemi-trustworthy. By using an immutable ledger that is accessible to thenotary system and the interceptor, transfers can be verified to reducesecurity risks and to more likely detect fraudulent transactions.

Risks in networked systems are common. Hackers may enter a network andcause fraudulent actions to occur. The risk can be even higher forfinancial transaction networks that often include multiple, separate andindependent systems that are not completely trusted due to the risk ofhackers and other intrusions. A system according to some aspects canprevent fraudulent actions from executing, which can prevent loss in anetwork such as a financial transaction network to make wire transfers,without introducing burdensome hurdles for users to complete legitimatetransactions.

Some examples can provide independent validation and verification oftransactions across multiple systems to provide end-to-end integrity oftransactions across multiple systems without the systems knowledge.Transactions, such as money movement through a wire system or theexchange of goods, are complex interactions between multiple systems,parties, and vendor codes that have different security and operationalrisk. For example, three, four, or more systems can be involved in apayment transaction. Hundreds of servers can implement these complexsystems and numerous interfaces to those systems (e.g. operators, users,administrators) can make it difficult to protect every system at thehighest level. These transactions also go through multiple vendor andthird party code/systems that have various level of security, includingapplication security, server configurations and hardening,authentication levels, and various other cyber risks.

By using certain aspects of the present disclosure, one or multiplesystems can be compromised within a transaction flow, and that can bedetected. And the alteration of a payment can be responded to in anout-of-band network. Examples of fraudulent actions can includefraudulent actions by authorized users, fraudulent actions byunauthorized users or agents using hijacked credentials or sessions(e.g., through user interfaces), fraudulent actions by unauthorizedusers or agents using data injection or data tampering (e.g.,interception and manipulation, creation, replay), or a combination ofthese or other types of fraudulent actions. Unintentional mistakes byusers or agents may also result in actions that can be consideredfraudulent, even if such actions may be unintentional.

When an altered payment is detected, the out-of-network users can takeone or more actions to control the flow of data and payment transactionswithin systems. Examples of actions include stopping the transaction,altering the transaction before sending, and approving and sending thetransaction. Any payments that are detected as changed across thesemultiple systems can be stopped for inspection and, based on establishedprocesses, stopped or sent on to the appropriate payment method (e.g.CHIPS, SWIFT, Fedwire).

Certain aspects can allow for the extensibility of technology andcryptographic validation technologies. This can be used to validatepayment movements across various external partners and vendors, andinclude initiatives such as a “safe harbor.”

In some examples, a notary system can be included with a transactioninitiator system to receive a definition of a transfer (e.g., sourceaccount, target account, and amount or type of goods or services). Thenotary system can electronically sign a transaction after verifyingcredentials from an initiator and approver. The notary system can havetrusted public keys that can be used to verify a digital signature fromthe transaction initiator system. The notary system can also haveprivate keys that can be used to countersign the transaction beforeproviding the signed transaction to the immutable ledger and for furtherexecution. Information about the transaction and the notary system'ssignature of it can be stored in an immutable ledger and provided to atransfer system (such as a money transfer system (MTS)) for furtherexecution. Rather than completely trusting the transaction, the transfersystem can partially trust the transaction and provide the transactionto an interceptor, before a transaction settlement system, that canfurther verify the transaction using the immutable ledger beforeallowing the transaction to be provided to the transaction settlementsystem for settlement.

These illustrative examples are given to introduce the reader to thegeneral subject matter discussed here and are not intended to limit thescope of the disclosed concepts. The following sections describe variousadditional features and examples with reference to the drawings in whichlike numerals indicate like elements, and directional descriptions areused to describe the illustrative aspects but, like the illustrativeaspects, should not be used to limit the present disclosure.

FIG. 1 is a block diagram of an environment for initiating and executinga transaction while also providing enhanced security to preventfraudulent actions according to one aspect of the present disclosure.Included in the environment are systems that can be in a logicallyisolated zone 10, a semi-isolated zone 20, or in a non-isolated zone 30from user input and actions such that some systems are more inherentlytrustworthy than other systems. The systems can be communicativelycoupled via one or more communication networks that may be wireless,wired, or a combination of both. Examples of a communication networkthat may be used include synchronous communication networks,asynchronous communication networks, Wi-Fi networks, backhaul networks,WLAN networks, cellular networks, Internet Protocol networks, or anyother type of suitable communication networks for communicating dataelectronically, optically, or electromagnetically.

Included in a non-isolated zone 30 are systems that include front officesystems 100, an authentication service 102 and security system 104, anotary system 106, and a transaction initialization system 108, such asa wire-payment-initialization system. The front office systems 100 caninclude systems by which users can initiate a transaction and approve atransaction. Examples of front office systems 100 include electronicsystems at branch locations, at a centralized corporate center, realestate loan systems, international transaction systems, andpoint-of-sale terminals. The authentication service 102 and securitysystem 104 can be used to provide front office system users withcredentials or to confirm credentials, such as user name and passwordcombinations received from the users. In some examples, the securitysystem 104 can be a source of public keys that are used to apply adesignation to a transaction that it complies with certain securityprocedures with respect to front end users. The security system 104 canalso provide public keys or verifications to the notary system 106. Anexample of the authentication service 102 is a system that implementsKerberos authentication, such as by implementing a Kerberos protocol asa security support provider. An example of the security system 104 is asystem that implements or supports a multi-factor authentication processfor the authentication service 102. The notary system 106 can verify adigital signature from the front office systems 100 using public keysand can use private keys to digitally sign the transaction in responseto verifying the digital signature. The transaction initializationsystem 108 can be an interface to the systems in semi-isolated zone 20.An example of the transaction initialization system 108 is a WPI.

Included in the semi-isolated zone 20 are an immutable ledger 110, atransaction management system 112, a transfer system 114, and aninterceptor 116. The immutable ledger 110 can be a blockchain,openchain, or other type of electronically stored ledger that isaccessible to multiple systems to update and receive transactionhistory. In some examples, the immutable ledger 110 is stored in acomputer-readable medium on a device having network communicationscapabilities by which other devices can provide updates to the immutableledger 110 and receive data from the immutable ledger 110.

The transaction management system 112 may be a financial transactionmanager (FTM) system that can process and monitor financialtransactions. For example, the transaction management system 112 canreceive a transaction to be executed from the transaction initializationsystem 108, use trusted certificates and rules to prepare the transferfor execution, and track its status as the transaction is executed. Thetransfer system 114 may be a money transfer system (MTS) that canprovide payment-processing capabilities across multiple systems andfurther process transactions for settlement. In some examples, thetransfer system 114 verifies digital signatures of a transfer ortransaction.

The interceptor 116 can be a computing device that is positioned betweenthe transfer system 114 and a transfer settlement system 118 that is inthe isolated zone 10. The interceptor can intercept a transaction beforesettlement, access information from the immutable ledger 110, and verifythe transaction prior to allowing the transaction to be settled by thetransfer settlement system 118. Examples of the transfer settlementsystem 118 include Fedwire, CHIPS, and SWIFT.

By providing transaction information from the notary system 106, whichdigitally signs the transaction, to the immutable ledger 110, andallowing that information to be accessed and used for verification bythe interceptor 116 prior to settlement, fraudulent actions that may beintroduced between the notary system 106 and the interceptor 116 by thevarious systems can be detected.

FIG. 2 is a block diagram of an example of a notary system 106 accordingto some aspects. The notary system 106 can include a processor 204, amemory 208, a bus 206, and a communication port 214. In some examples,some or all of the components shown in FIG. 2 can be integrated into asingle structure, such as a single housing. In other examples, some orall of the components shown in FIG. 2 can be distributed (e.g., inseparate housings) and in electrical communication with each other.

The processor 204 can execute one or more operations for verifying atransaction, digitally signing the transaction, and outputtingtransaction data to other systems. The processor 204 can executeinstructions stored in the memory 208 to perform the operations. Theprocessor 204 can include one processing device or multiple processingdevices. Non-limiting examples of the processor 204 include aField-Programmable Gate Array (“FPGA”), an application-specificintegrated circuit (“ASIC”), a microprocessor, etc.

The processor 204 can be communicatively coupled to the memory 208 viathe bus 206. The non-volatile memory 208 may include any type of memorydevice that retains stored information when powered off. Non-limitingexamples of the memory 208 include electrically erasable andprogrammable read-only memory (“EEPROM”), flash memory, or any othertype of non-volatile memory. In some examples, at least some of thememory 208 can include a medium from which the processor 204 can readinstructions. A computer-readable medium can include electronic,optical, magnetic, or other storage devices capable of providing theprocessor 204 with computer-readable instructions or other program code.Non-limiting examples of a computer-readable medium include (but are notlimited to) magnetic disk(s), memory chip(s), ROM, random-access memory(“RAM”), an ASIC, a configured processor, optical storage, or any othermedium from which a computer processor can read instructions. Theinstructions can include processor-specific instructions generated by acompiler or an interpreter from code written in any suitablecomputer-programming language, including, for example, C, C++, C#, etc.The instructions can include a notary engine 210 that is executable bythe processor 204. Also included in memory 208 is a copy is hashingmodule 212 and public and private keys 216.

Data can be transmitted and received with other computing devices viathe communication port 214. The communication port 214 can includehardware, or a combination of hardware and software, for communicatingwith a communications network. In one example, the communication port214 includes a transceiver and an antenna for wirelessly communicatingdata. In another example, the communication port 214 is an Ethernet portthat can communicate Internet Protocol data via a wired link.

FIG. 3 is a flow chart of a process of a notary system verifying atransaction and digitally signing a verified transaction according toone aspect of the present disclosure. The process is described withreference to the block diagrams of FIGS. 1 and 2, but othersystem-architecture implementations are possible.

In block 302, the notary system 106 receives parameters of a transfer.An example of the transfer is a wire transfer of funds. The notarysystem 106 can receive the parameters from a front office system. Theparameters can be received as part of bundle transaction. The parameterscan include credentials of an initiator and an approver for thetransfer, along with an operator identifier. The parameters can alsoinclude a transaction identifier, an amount to be transferred, a sourceaccount, and a destination account. The parameters can be received viathe communication port 214 from a communications network.

In block 304, the notary system 106 verifies the transfer usingmulti-factor authentication. For example, the notary system 106 caninclude trusted public keys that can be used to verify the digitalsignature of the front office system. And, the notary system 106 caninterface with the security system 104 to implement a multi-factorauthentication process with the user of the front office system toverify the transaction.

In block 306, the notary system 106 determines whether the transfer isverified based on considering the public keys included in the transferand the result of the multi-factor authentication process. If thetransfer is not verified, the notary system 106 prevents the transferfrom executing in block 308. For example, the notary system 106 canoutput a command to other system components to prevent a particulartransaction or transfer from executing, or the notary system 106 canoutput the transfer or transaction without any digital signature, inwhich case the other components will not continue processing thetransaction.

If the transfer is verified, the notary system 106 uses private keys tocountersign the transfer and return the transfer for execution by othercomponents, such as the transaction initialization system 108, in block310. And, the notary system provides parameters about the transfer andcountersign data to the immutable ledger 110. Examples of data that arestored by the immutable ledger 110 include transaction identifier,amount, source account, destination account, digital signature ofinitiator, along with time stamps associated with each data element. Insome examples, the notary system 106 can use the hashing module 212 tohash the transfer parameters and digital signature prior to returningthe transfer for execution and providing the data to the immutableledger 110. In other examples, the system hosting the immutable ledger110 includes a hashing module 212 to hash the data prior to storing inthe immutable ledger and the transaction that is returned for executionis not hashed.

The transaction can be digitally signed by private keys using anyprivate key process, an example of which is x.509v3 certificatemanagement in a public key infrastructure. The transaction can then beexecuted by the transaction initialization system 108, transactionmanagement system 112, and transfer system 114 prior to beingintercepted by the interceptor 116.

FIG. 4 is a block diagram of an example of an interceptor 116 accordingto some aspects. The interceptor 116 can include a processor 404, amemory 408, a bus 406, and a communication port 414. The processor 404can execute one or more operations for verifying a transaction andoutputting transaction data to other systems. The processor 404 canexecute instructions stored in the memory 408 to perform the operations.The processor 404 can be similar to processor 204 in FIG. 2 and be oneor more of the same examples.

The processor 404 can be communicatively coupled to the memory 408 viathe bus 406. The non-volatile memory 408 is similar to the memory 208from FIG. 2 and include one or more of the same examples as that memory.The instructions can include an intercept engine 410 that is executableby the processor 404 to perform operations, some of which are describedbelow with respect to FIG. 5. Data can be transmitted and received withother computing devices via the communication port 414. Thecommunication port 414 can include hardware, or a combination ofhardware and software, for communicating with a communications network.

FIG. 5 is a flow chart of a process of an interceptor verifying atransaction according to one aspect of the present disclosure. Theprocess is described with reference to the block diagrams of FIGS. 1 and4, but other system-architecture implementations are possible.

In block 502, the interceptor 116 intercepts a transaction prior to thetransfer settlement system 118. For example, the interceptor 116 may beplaced in a data transmission path between the transfer system 114 andthe transfer settlement system 118, or the transfer settlement system118 can refuse to settle transactions unless the interceptor 116 hasverified the transaction. Transaction data can be received from anetwork via the communication port 414. The transaction data can includea transaction identifier, source account, destination account, amount,and digital signatures from the notary system 106 and other systems andusers required to provide digital signatures prior to the transactionbeing further processed.

In block 504, the interceptor 116 uses the transaction identifier orother information about the transaction to access data from theimmutable ledger 110. In some examples, the interceptor 116 can make acall to the immutable ledger 110 to request data associated with thetransaction identifier, including historical data that is no longerupdated. In other examples, the interceptor 116 receives a currentledger, with the transaction information and information about othertransactions, and uses the current ledger for analysis.

In block 506, the interceptor 116 determines whether data from theledger is consistent with intercepted transfer information in thetransaction. For example, the interceptor 116 can require that thetransaction information—source account, destination account, digitalsignatures, etc.—match exactly the transaction data from the immutableledger 110. In some examples, the interceptor 116 includes a hashingmodule that is executable to un-hash values of data or to interprethashed values of data from the immutable ledger 110 so that the data canbe compared to the information.

If the data is not consistent with the intercepted transfer information,the interceptor 116 can prevent the transfer from further executing inblock 508. For example, the interceptor 116 can prevent the transactionfrom proceeding the transfer settlement system 118 and can output anotification in an out-of-band channel (e.g., a channel other than atransfer processing data flow channel) to analyze the transaction closerfor fraud.

If the data is consistent with the intercepted transfer information, theinterceptor 116 can provide the transaction to the transfer settlementsystem 118 for settlement in block 510.

Numerous specific details are set forth herein to provide a thoroughunderstanding of the claimed subject matter. But, those skilled in theart will understand that the claimed subject matter may be practicedwithout these specific details. In other instances, methods,apparatuses, or systems that would be known by one of ordinary skillhave not been described in detail so as not to obscure claimed subjectmatter.

Unless specifically stated otherwise, it is appreciated that throughoutthis specification that terms such as “processing,” “computing,”“determining,” and “identifying” or the like refer to actions orprocesses of a computing device, such as one or more computers or asimilar electronic computing device or devices, that manipulate ortransform data represented as physical electronic or magnetic quantitieswithin memories, registers, or other information storage devices,transmission devices, or display devices of the computing platform.

The system or systems discussed herein are not limited to any particularhardware architecture or configuration. A computing device can includeany suitable arrangement of components that provides a resultconditioned on one or more inputs. Suitable computing devices includemultipurpose microprocessor-based computing systems accessing storedsoftware that programs or configures the computing system from ageneral-purpose computing apparatus to a specialized computing apparatusimplementing one or more aspects of the present subject matter. Anysuitable programming, scripting, or other type of language orcombinations of languages may be used to implement the teachingscontained herein in software to be used in programming or configuring acomputing device.

Aspects of the methods disclosed herein may be performed in theoperation of such computing devices. The order of the blocks presentedin the examples above can be varied—for example, blocks can bere-ordered, combined, or broken into sub-blocks. Certain blocks orprocesses can be performed in parallel.

The use of “adapted to” or “configured to” herein is meant as open andinclusive language that does not foreclose devices adapted to orconfigured to perform additional tasks or steps. Additionally, the useof “based on” is meant to be open and inclusive, in that a process,step, calculation, or other action “based on” one or more recitedconditions or values may, in practice, be based on additional conditionsor values beyond those recited. Headings, lists, and numbering includedherein are for ease of explanation only and are not meant to belimiting.

While the present subject matter has been described in detail withrespect to specific aspects thereof, it will be appreciated that thoseskilled in the art, upon attaining an understanding of the foregoing,may readily produce alterations to, variations of, and equivalents tosuch aspects. Any aspects or examples may be combined with any otheraspects or examples. Accordingly, it should be understood that thepresent disclosure has been presented for purposes of example ratherthan limitation, and does not preclude inclusion of such modifications,variations, or additions to the present subject matter as would bereadily apparent to one of ordinary skill in the art.

What is claimed is:
 1. A computing device comprising: a communicationport configured for communicating data with other computing devices; aprocessor device; and a non-transitory computer-readable storage memorycomprising code that is executable by the processor device to: receiveparameters of a transfer; verify the transfer using a multi-factorauthentication process; in response to verifying the transfer, use aprivate key to countersign the transfer and return, via thecommunications port, a signed transfer package for execution of thetransfer; and provide, via the communications port, the parameters ofthe transfer and countersign data to an immutable ledger, wherein thecomputing device is a notary system configured to be in a non-isolatedzone that is accessible to users and configured to communicativelycouple to (i) a transaction initialization system, a security system,and a plurality of front office systems in the non-isolated zone, and to(ii) the immutable ledger in a semi-isolated zone from the users with aninterceptor configured to use data from the immutable ledger to confirmor deny the transfer prior to the transfer reaching a transfersettlement system in an isolated zone from the users.
 2. The computingdevice of claim 1, wherein the transfer is a wire transfer of funds froma first account to a second account.
 3. The computing device of claim 1,wherein the non-transitory computer-readable storage memory comprisescode that is executable by the processor device to receive parameters ofthe transfer by receiving parameters of the transfer that is interceptedprior to a transfer settlement system.
 4. The computing device of claim1, wherein the non-transitory computer-readable storage memory furthercomprises code that is executable by the processor device to: determinetransfers that are unverified using the multi-factor authenticationprocess; and prevent unverified transfers from executing.
 5. A computingdevice, comprising: a communication port configured for communicatingdata with other computing devices; a processor device; and anon-transitory computer-readable storage memory comprising code that isexecutable by the processor device to: intercept a transfer prior to asettlement system; use a transaction identifier of the transfer toaccess information from an immutable ledger; confirm that theinformation from the immutable ledger is consistent with data of thetransfer; and in response to confirming that the information isconsistent with the data of the transfer, provide the transfer to thesettlement system, wherein the computing device is an interceptor of atransactions system, the interceptor configured to prevent the transferfrom executing in response to failing to confirm that the data from thetransfer matches the information in the immutable ledger, wherein theinterceptor is configured to be positioned in a semi-isolated zone withthe immutable ledger such that the interceptor and the immutable ledgerare semi-accessible to users of the transactions system, wherein theinterceptor is configured to communicate with the settlement system inan isolated zone that is inaccessible to the users.
 6. The computingdevice of claim 5, wherein the transfer is a wire transfer of funds froma first account to a second account.
 7. The computing device of claim 5,wherein the interceptor is configured to access the information from theimmutable ledger in which at least part of the information is stored onthe immutable ledger from a notary system in a non-isolated zone that isaccessible to the users, the notary system configured to receiveparameters of the transfer, verify the transfer using a multi-factorauthentication process, in response to verifying the transfer, use aprivate key to countersign the transfer and return a signed transferpackage for execution of the transfer, and provide the parameters of thetransfer and countersign data to the immutable ledger.
 8. The computingdevice of claim 5, wherein the non-transitory computer-readable storagememory further comprises code that is executable by the processor deviceto: determine transfers that are unverified using a multi-factorauthentication process; and prevent unverified transfers from executing.9. A method comprising: receiving, by a notary system comprising aprocessor device executing code, parameters of a transfer; verifying, bythe notary system, the transfer using a multi-factor authenticationprocess; in response to verifying the transfer, using a private key tocountersign the transfer and returning, by the notary system, a signedtransfer package for execution of the transfer; providing, by the notarysystem, the parameters of the transfer and countersign data to animmutable ledger; intercepting, by an interceptor comprising a processordevice executing code, the transfer prior to a settlement system; using,by the interceptor, a transaction identifier of the transfer to accessinformation from the immutable ledger; confirming that the informationfrom the immutable ledger is consistent with data of the transfer; andin response to confirming that the information is consistent with thedata of the transfer, providing the transfer to the settlement system,wherein the notary system is in a non-isolated zone accessible to usersand the interceptor is in a semi-isolated zone that is semi-accessibleto the users.
 10. The method of claim 9, wherein the transfer is a wiretransfer of funds from a first account to a second account.
 11. Themethod of claim 3, wherein receiving, by the notary system comprisingthe processor device executing code, parameters of the transfercomprises the notary system receiving the transfer initiated using afront office system and an authentication service system and a securitysystem in the non-isolated zone that includes a transactioninitialization system that interfaces with systems in the semi-isolatedzone, wherein verifying, by the notary system, the transfer using themulti-factor authentication process comprises using public keys toverify a digital signature from the front office system and to useprivate keys to digitally sign the transfer in response to verifying thedigital signature.
 12. The method of claim 11, further comprising:storing and updating, by the immutable ledger in the semi-isolated zoneand accessible to a plurality of systems, transfer history dataelectronically on a device; receiving, by a transaction managementsystem in the semi-isolated zone, the transfer to be executed from thetransaction initialization system; using, by the transaction managementsystem, trusted certificates and rules to prepare the transfer forexecution; tracking, by the transaction management system, a status ofthe transfer through execution; and verifying, by a transfer system inthe semi-isolated zone, one or more digital signatures of the transfer,wherein the settlement system is positioned in an isolated zone that isisolated from the users.
 13. The method of claim 9, further comprising:determining transfers that are unverified using the multi-factorauthentication process; and preventing unverified transfers fromexecuting.